From c1b6fe4f26d5771e493d80ec319f17a4d9d6c6bc Mon Sep 17 00:00:00 2001
From: Bastian de Byl
Date: Mon, 18 Jul 2022 23:34:21 -0400
Subject: [PATCH] corrected letsencrypt permissions for podman, post-hook

---
 ansible/roles/podman/tasks/configuration-nginx.yml | 2 +-
 ansible/roles/podman/tasks/container-pihole.yml | 1 +
 ansible/roles/ssl/tasks/cron.yml | 2 +-
 3 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/ansible/roles/podman/tasks/configuration-nginx.yml b/ansible/roles/podman/tasks/configuration-nginx.yml
index e7940b9..febecdd 100644
--- a/ansible/roles/podman/tasks/configuration-nginx.yml
+++ b/ansible/roles/podman/tasks/configuration-nginx.yml
@@ -5,7 +5,7 @@
 path: /srv/http/letsencrypt
 owner: "{{ podman_user }}"
 group: "{{ podman_user }}"
- mode: 0644
+ mode: 0755
 state: directory
 tags:
 - ssl
diff --git a/ansible/roles/podman/tasks/container-pihole.yml b/ansible/roles/podman/tasks/container-pihole.yml
index 27163f1..0d24c00 100644
--- a/ansible/roles/podman/tasks/container-pihole.yml
+++ b/ansible/roles/podman/tasks/container-pihole.yml
@@ -11,6 +11,7 @@
 loop:
 - "{{ pihole_path }}/config"
 - "{{ pihole_path }}/dnsmasq"
+ - "/srv/http/letsencrypt"
 tags: pihole

 - name: flush handlers
diff --git a/ansible/roles/ssl/tasks/cron.yml b/ansible/roles/ssl/tasks/cron.yml
index ba45973..8a41718 100644
--- a/ansible/roles/ssl/tasks/cron.yml
+++ b/ansible/roles/ssl/tasks/cron.yml
@@ -5,5 +5,5 @@
 name: certbot_renew
 special_time: weekly
 job: >-
- certbot renew --post-hook 'systemctl restart nginx'
+ certbot renew --post-hook "su -s /bin/sh podman -c 'podman restart nginx'"
 tags: cron
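Review bot: `mode: 0755` on `/srv/http/letsencrypt` restores the execute bit a directory needs, but it also lets every local account list and traverse the directory. If certificate private keys are stored anywhere beneath this path, their protection then rests entirely on the modes of the subdirectories and files, so that is worth confirming. A narrower mode such as `"0750"` may be possible, depending on which UID the container process maps to on the host. Quoting the value, `mode: "0755"`, also avoids relying on how the YAML loader reads a leading-zero integer. The task's opening lines are outside the hunk.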
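Review bot: `/srv/http/letsencrypt` is now handled by two tasks: this loop and the task in configuration-nginx.yml that sets its owner, group and mode. The loop's task starts above the hunk, so what it applies to each item is not visible here. If it sets ownership, mode or labels differently from the nginx task, the two will undo each other on every run, and the final permissions on the certificate directory will depend on play order. A comment above the new item, such as `# shared with nginx; owner/mode set in configuration-nginx.yml`, or a single variable for the path used by both files, would make the coupling explicit. It is also worth confirming that the pihole task needs this path at all.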
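Review bot: The new post-hook hard-codes the account name `podman`, while the podman role's tasks take it from `{{ podman_user }}`; if that variable is ever set to another account, the hook will presumably fail and nginx will keep serving the old certificate. Assuming the variable is visible to the ssl role, the line could read `certbot renew --post-hook "su -s /bin/sh {{ podman_user }} -c 'podman restart nginx'"`. `su` without `-l` does not start a login session, so it is worth running the hook once from cron to confirm that rootless podman finds its runtime directory in that environment. `--deploy-hook` would limit the restart to runs where a certificate was actually renewed.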